Secure Programming with Static Analysis

[jjchryan at gwu.edu (Julie Ryan)]

The US Dept of Defense has done some work on the procurement side of  
the problem.  Here are two papers for those in very large  
bureaucracies who might be interested:

Best Software Assurance Practices in Acquisition of Trusted Systems
http://www.cisse.info/colloquia/cisse10/proceedings10/pdfs/papers/ 
S02P03.pdf

Software Assurance: Five Essential Considerations for Acquisition  
Officials
http://www.stsc.hill.af.mil/CrossTalk/2007/05/0705PolydysWisseman.html

On Jul 9, 2007, at 1:16 PM, McGovern, James F (HTSC, IT) wrote:

> If you are seeking additional book ideas for this series, may I  
> suggest
> posting to computerbookauthors at yahoogroups.com?
>
> There are two books that I would love to see:
>
> - Designing Secure Software - Not everything is about the code
> - Procuring Secure Software - Most enterprises nowadays buy  
> software vs
> build it
>
>
> -----Original Message-----
> From: sc-l-bounces at securecoding.org
> [mailto:sc-l-bounces at securecoding.org] On Behalf Of Gary McGraw
> Sent: Thursday, July 05, 2007 9:01 AM
> To: 'Brian Chess'; 'sc-l at securecoding.org'
> Subject: Re: [SC-L] Secure Programming with Static Analysis
>
> Hi sc-l,
>
> I have read this awesome book (more than once) and can vouch for  
> it.  It
> is an important part of the addison-wesley software security  
> series, the
> series that includes:
> Software Security www.swsec.com
> Rootkits
> Exploiting Software
> Building Secure Software
> (and any day now Exploiting Online Games)
>
> For more on the series, see www.buildingsecurityin.com.  We are always
> on the lookout for more titles for the series, especially if they dive
> deeply into one of the seven touchpoints, so if you have a book idea
> please let me know.
>
> Meanwhile, click on this link and buy Brian and Jacob's book:
> http://www.amazon.com/dp/0321424778
>
> gem
>
> company www.cigital.com
> podcast www.cigital.com/silverbullet
> blog www.cigital.com/justiceleague
> book www.swsec.com
>
>
>
> ********************************************************************** 
> ***
> This communication, including attachments, is
> for the exclusive use of addressee and may contain proprietary,
> confidential and/or privileged information.  If you are not the  
> intended
> recipient, any use, copying, disclosure, dissemination or  
> distribution is
> strictly prohibited.  If you are not the intended recipient, please  
> notify
> the sender immediately by return e-mail, delete this communication and
> destroy all copies.
> ********************************************************************** 
> ***
>
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L at securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/ 
> listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/ 
> charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http:// 
> www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________